
security-bluebook-builder

Safe

Build Security Blue Books

Create comprehensive security documentation for sensitive applications. This skill provides patterns and guidance for building security Blue Books that document security controls, threat models, and compliance requirements.

Supports: Claude Codex Code(CC)
🥉 72 Bronze
1. Download the skill ZIP
2. Upload to Claude: go to Settings → Capabilities → Skills → Upload skill
3. Activate and start using it

Try it

Using "security-bluebook-builder". Create a security Blue Book for a healthcare application that handles patient data

Expected result:

Security Blue Book Outline:

1. Executive Summary
2. Application Overview
3. Data Classification (PHI, PII)
4. Threat Model
- Assets: Patient records, authentication
- Threat Actors: External attackers, insider threats
- Attack Vectors: SQL injection, XSS, privilege escalation
5. Security Controls
- Access Control
- Encryption (AES-256 for data at rest, TLS 1.3 in transit)
- Audit Logging
6. Compliance Mapping (HIPAA)
7. Incident Response Procedures

Using "security-bluebook-builder". Add threat model to our financial transaction processing system

Expected result:

Threat Model Section:

## Assets
- Transaction data
- User credentials
- API keys

## Threat Actors
- External attackers
- Malicious insiders
- Automated bots

## Attack Vectors
- API abuse
- Credential stuffing
- Data exfiltration

## Mitigation Strategies
- Rate limiting
- MFA enforcement
- DLP controls

Security Audit

Safe
v1 • 2/25/2026

Static analysis flagged hardcoded URLs and weak cryptographic algorithms, but evaluation reveals these are false positives. The URLs are legitimate documentation links to the skill's GitHub repository. The cryptographic flag was triggered by the word 'build' in 'build security blue books', which refers to documentation creation, not cryptography. This is a simple documentation skill with no security concerns.

Files analyzed: 1
Lines analyzed: 23
Findings: 2
Total audits: 1

Low-Risk Issues (2)
Hardcoded URLs in Documentation
Static scanner flagged URLs at lines 4 and 22 as hardcoded network references. These are legitimate documentation links to the skill's GitHub repository.
False Positive: Cryptographic Algorithm Flag
Static scanner flagged 'build' as a weak cryptographic algorithm. This is a false positive - the skill is about building security documentation ('Blue Books'), not cryptography.
Audited by: claude

Quality score

Architecture: 38
Maintainability: 95
Content: 87
Community: 50
Security: 100
Specification compliance: 83

What You Can Build

New Application Security Documentation

Generate initial security Blue Book structure for a new sensitive application, including security controls, threat model sections, and compliance mappings.

Compliance Documentation Update

Refresh existing security documentation to meet new compliance requirements or update threat model sections.

Security Documentation Review

Review and improve existing security Blue Books for completeness and accuracy.

Try These Prompts

Create New Blue Book
Create a security Blue Book for my new application [application name]. It handles [sensitive data types] and is deployed on [infrastructure]. Generate a comprehensive documentation structure including threat model, security controls, and compliance sections.
Add Threat Model Section
Add a threat model section to the existing security Blue Book for [application]. Include sections for assets, threat actors, attack vectors, and mitigation strategies.
Map Compliance Requirements
Create a compliance mapping section for [regulation/standard] in our security Blue Book. Map our existing security controls to the required compliance criteria.
Review Security Controls
Review the security controls section of our Blue Book for [application]. Identify gaps, suggest improvements, and ensure coverage of OWASP Top 10 and common attack vectors.

Best Practices

  • Start with a clear data classification section to define what needs protection
  • Include both technical controls and procedural security measures
  • Regularly update threat models as the application evolves

Avoid

  • Copy-pasting generic security templates without customization
  • Ignoring non-functional security requirements like incident response
  • Failing to document security decisions and their rationale

Frequently Asked Questions

What is a security Blue Book?
A security Blue Book is comprehensive documentation that outlines an application's security controls, threat models, compliance requirements, and security architecture decisions.
Does this skill perform security testing?
No, this skill generates documentation templates and guidance. It does not execute security scans or tests.
Which compliance standards does this support?
The skill can help document compliance with various standards including SOC 2, HIPAA, PCI-DSS, and ISO 27001.
Can I use this for cloud infrastructure documentation?
Yes, the skill provides guidance for documenting security controls for cloud-based applications and infrastructure.
How detailed is the generated documentation?
The skill generates comprehensive outlines and templates. You should expand each section with specific details about your application.
Does this work for microservices architectures?
Yes, the documentation templates can be adapted for microservices, including service-to-service security and API security sections.

Developer Details

File structure

📄 SKILL.md